121. Introduction
34Linux distinguishes between administrative and operational state of an
5interface. Administrative state is the result of "ip link set dev
6<dev> up or down" and reflects whether the administrator wants to use
7the device for traffic.
89However, an interface is not usable just because the admin enabled it
10- ethernet requires to be plugged into the switch and, depending on
11a site's networking policy and configuration, an 802.1X authentication
12to be performed before user data can be transferred. Operational state
13shows the ability of an interface to transmit this user data.
1415Thanks to 802.1X, userspace must be granted the possibility to
16influence operational state. To accommodate this, operational state is
17split into two parts: Two flags that can be set by the driver only, and
18a RFC2863 compatible state that is derived from these flags, a policy,
19and changeable from userspace under certain rules.
2021222. Querying from userspace
2324Both admin and operational state can be queried via the netlink
25operation RTM_GETLINK. It is also possible to subscribe to RTMGRP_LINK
26to be notified of updates. This is important for setting from userspace.
2728These values contain interface state:
2930ifinfomsg::if_flags & IFF_UP:
31 Interface is admin up
32ifinfomsg::if_flags & IFF_RUNNING:
33 Interface is in RFC2863 operational state UP or UNKNOWN. This is for
34 backward compatibility, routing daemons, dhcp clients can use this
35 flag to determine whether they should use the interface.
36ifinfomsg::if_flags & IFF_LOWER_UP:
37 Driver has signaled netif_carrier_on()
38ifinfomsg::if_flags & IFF_DORMANT:
39 Driver has signaled netif_dormant_on()
4041TLV IFLA_OPERSTATE
4243contains RFC2863 state of the interface in numeric representation:
4445IF_OPER_UNKNOWN (0):
46 Interface is in unknown state, neither driver nor userspace has set
47 operational state. Interface must be considered for user data as
48 setting operational state has not been implemented in every driver.
49IF_OPER_NOTPRESENT (1):
50 Unused in current kernel (notpresent interfaces normally disappear),
51 just a numerical placeholder.
52IF_OPER_DOWN (2):
53 Interface is unable to transfer data on L1, f.e. ethernet is not
54 plugged or interface is ADMIN down.
55IF_OPER_LOWERLAYERDOWN (3):
56 Interfaces stacked on an interface that is IF_OPER_DOWN show this
57 state (f.e. VLAN).
58IF_OPER_TESTING (4):
59 Unused in current kernel.
60IF_OPER_DORMANT (5):
61 Interface is L1 up, but waiting for an external event, f.e. for a
62 protocol to establish. (802.1X)
63IF_OPER_UP (6):
64 Interface is operational up and can be used.
6566This TLV can also be queried via sysfs.
6768TLV IFLA_LINKMODE
6970contains link policy. This is needed for userspace interaction
71described below.
7273This TLV can also be queried via sysfs.
7475763. Kernel driver API
7778Kernel drivers have access to two flags that map to IFF_LOWER_UP and
79IFF_DORMANT. These flags can be set from everywhere, even from
80interrupts. It is guaranteed that only the driver has write access,
81however, if different layers of the driver manipulate the same flag,
82the driver has to provide the synchronisation needed.
8384__LINK_STATE_NOCARRIER, maps to !IFF_LOWER_UP:
8586The driver uses netif_carrier_on() to clear and netif_carrier_off() to
87set this flag. On netif_carrier_off(), the scheduler stops sending
88packets. The name 'carrier' and the inversion are historical, think of
89it as lower layer.
9091Note that for certain kind of soft-devices, which are not managing any
92real hardware, it is possible to set this bit from userspace. One
93should use TVL IFLA_CARRIER to do so.
9495netif_carrier_ok() can be used to query that bit.
9697__LINK_STATE_DORMANT, maps to IFF_DORMANT:
9899Set by the driver to express that the device cannot yet be used
100because some driver controlled protocol establishment has to
101complete. Corresponding functions are netif_dormant_on() to set the
102flag, netif_dormant_off() to clear it and netif_dormant() to query.
103104On device allocation, networking core sets the flags equivalent to
105netif_carrier_ok() and !netif_dormant().
106107108Whenever the driver CHANGES one of these flags, a workqueue event is
109scheduled to translate the flag combination to IFLA_OPERSTATE as
110follows:
111112!netif_carrier_ok():
113 IF_OPER_LOWERLAYERDOWN if the interface is stacked, IF_OPER_DOWN
114 otherwise. Kernel can recognise stacked interfaces because their
115 ifindex != iflink.
116117netif_carrier_ok() && netif_dormant():
118 IF_OPER_DORMANT
119120netif_carrier_ok() && !netif_dormant():
121 IF_OPER_UP if userspace interaction is disabled. Otherwise
122 IF_OPER_DORMANT with the possibility for userspace to initiate the
123 IF_OPER_UP transition afterwards.
1241251264. Setting from userspace
127128Applications have to use the netlink interface to influence the
129RFC2863 operational state of an interface. Setting IFLA_LINKMODE to 1
130via RTM_SETLINK instructs the kernel that an interface should go to
131IF_OPER_DORMANT instead of IF_OPER_UP when the combination
132netif_carrier_ok() && !netif_dormant() is set by the
133driver. Afterwards, the userspace application can set IFLA_OPERSTATE
134to IF_OPER_DORMANT or IF_OPER_UP as long as the driver does not set
135netif_carrier_off() or netif_dormant_on(). Changes made by userspace
136are multicasted on the netlink group RTMGRP_LINK.
137138So basically a 802.1X supplicant interacts with the kernel like this:
139140-subscribe to RTMGRP_LINK
141-set IFLA_LINKMODE to 1 via RTM_SETLINK
142-query RTM_GETLINK once to get initial state
143-if initial flags are not (IFF_LOWER_UP && !IFF_DORMANT), wait until
144 netlink multicast signals this state
145-do 802.1X, eventually abort if flags go down again
146-send RTM_SETLINK to set operstate to IF_OPER_UP if authentication
147 succeeds, IF_OPER_DORMANT otherwise
148-see how operstate and IFF_RUNNING is echoed via netlink multicast
149-set interface back to IF_OPER_DORMANT if 802.1X reauthentication
150 fails
151-restart if kernel changes IFF_LOWER_UP or IFF_DORMANT flag
152153if supplicant goes down, bring back IFLA_LINKMODE to 0 and
154IFLA_OPERSTATE to a sane value.
155156A routing daemon or dhcp client just needs to care for IFF_RUNNING or
157waiting for operstate to go IF_OPER_UP/IF_OPER_UNKNOWN before
158considering the interface / querying a DHCP address.
159160161For technical questions and/or comments please e-mail to Stefan Rompf
162(stefan at loplof.de).